From: Ansis Atteka <aatteka@nicira.com>
Date: Fri, 9 Mar 2012 00:19:59 +0000 (-0800)
Subject: ovs-monitor-ipsec: Detect correctly IPSEC configuration changes
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=5e2a9988bb7853cad67a36e869d532d9d2f4533a;p=sliver-openvswitch.git

ovs-monitor-ipsec: Detect correctly IPSEC configuration changes

If Open vSwitch has IPSEC tunnel (with certificates) and Interface
table was updated, then ovs-monitor-ipsec daemon would incorrectly
remove and readd all existing IPSEC tunnels.

The root cause for this issue was that "peer_cert_file" key was present in
interfaces dictionary, but it was missing in new_interfaces dictionary.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Reported-by: Niklas Andersson <nandersson@nicira.com>
---

diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index ac2cd7e17..fc69268f7 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -216,12 +216,10 @@ path certificate "%s";
 
         # The peer's certificate comes to us in PEM format as a string.
         # Write that string to a file for Racoon to use.
-        peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host)
-        f = open(root_prefix + peer_cert_file, "w")
+        f = open(root_prefix + vals["peer_cert_file"], "w")
         f.write(vals["peer_cert"])
         f.close()
 
-        vals["peer_cert_file"] = peer_cert_file
 
         self.cert_hosts[host] = vals
         self.commit()
@@ -489,8 +487,11 @@ def main():
                         vlog.warn("no valid SSL entry for %s" % name)
                         continue
 
+                    peer_cert_name = "ovs-%s.pem" % (options.get("remote_ip"))
                     entry["certificate"] = ssl_cert[0]
                     entry["private_key"] = ssl_cert[1]
+                    entry["peer_cert_file"] = (Racoon.cert_dir + "/" +
+                                                            peer_cert_name)
 
                 new_interfaces[name] = entry